Show a patch.

GET /api/patches/17732/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 17732,
    "url": "https://patchwork.libcamera.org/api/patches/17732/?format=api",
    "web_url": "https://patchwork.libcamera.org/patch/17732/",
    "project": {
        "id": 1,
        "url": "https://patchwork.libcamera.org/api/projects/1/?format=api",
        "name": "libcamera",
        "link_name": "libcamera",
        "list_id": "libcamera_core",
        "list_email": "libcamera-devel@lists.libcamera.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20221030230500.74842-4-nicholas@rothemail.net>",
    "date": "2022-10-30T23:04:58",
    "name": "[libcamera-devel,v6,3/5] ipa: add a flag to disable isolation for Android",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "6686772b4253773ad3410d14e10a296df615a5ff",
    "submitter": {
        "id": 137,
        "url": "https://patchwork.libcamera.org/api/people/137/?format=api",
        "name": "Nicholas Roth",
        "email": "nicholas@rothemail.net"
    },
    "delegate": null,
    "mbox": "https://patchwork.libcamera.org/patch/17732/mbox/",
    "series": [
        {
            "id": 3589,
            "url": "https://patchwork.libcamera.org/api/series/3589/?format=api",
            "web_url": "https://patchwork.libcamera.org/project/libcamera/list/?series=3589",
            "date": "2022-10-30T23:04:56",
            "name": "[libcamera-devel,v6,1/5] ipa: workaround libcxx duration limitation",
            "version": 6,
            "mbox": "https://patchwork.libcamera.org/series/3589/mbox/"
        }
    ],
    "comments": "https://patchwork.libcamera.org/api/patches/17732/comments/",
    "check": "pending",
    "checks": "https://patchwork.libcamera.org/api/patches/17732/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "<libcamera-devel-bounces@lists.libcamera.org>",
        "X-Original-To": "parsemail@patchwork.libcamera.org",
        "Delivered-To": "parsemail@patchwork.libcamera.org",
        "Received": [
            "from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id CF3FDC3285\n\tfor <parsemail@patchwork.libcamera.org>;\n\tSun, 30 Oct 2022 23:05:23 +0000 (UTC)",
            "from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 5646863037;\n\tMon, 31 Oct 2022 00:05:23 +0100 (CET)",
            "from mail-ot1-x333.google.com (mail-ot1-x333.google.com\n\t[IPv6:2607:f8b0:4864:20::333])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id D038B63034\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tMon, 31 Oct 2022 00:05:19 +0100 (CET)",
            "by mail-ot1-x333.google.com with SMTP id\n\td26-20020a05683018fa00b0066ab705617aso5925215otf.13\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tSun, 30 Oct 2022 16:05:19 -0700 (PDT)",
            "from nroth-pc.attlocal.net\n\t(104-5-61-214.lightspeed.austtx.sbcglobal.net. [104.5.61.214])\n\tby smtp.gmail.com with ESMTPSA id\n\tu4-20020a056871008400b0013c8ae74a14sm2269403oaa.42.2022.10.30.16.05.17\n\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n\tSun, 30 Oct 2022 16:05:17 -0700 (PDT)"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;\n\ts=mail; t=1667171123;\n\tbh=IfMkSAJGamLk72+xer54fWr+yzrGKaU9cBho00iDY8k=;\n\th=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:\n\tList-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:\n\tFrom;\n\tb=nHcVGB0EshHnF1nedUTmXmHofzWYvHxVqN/bd2FK8PHvLvMSgiADqZ1VNEkmcvEBJ\n\tk3z4twGAht1U8ZPXVw8097MPhx35zeXJbIGtq9laaYKQpCvqNiO8sF93iGFF1dCCnb\n\tMJzj8e3TXF6JKqvwtXN8RDlD4uOvmFNaSyUjj7EMmOBm7dyb8pOx04GZNn/1pvUEIR\n\tbiQJwXbiyICAltPlwS+ldAOAmLPY+3XGA0ol9fJ7fKrqH2zrhGKzydcQugcrt9sXwA\n\tgdwfSN5e8vm7BrFwO6ZZIRgeHawF0Xu2XujjBycURsil4+vMsFtB8bwYHuBCsZcYBg\n\tR92SdVldmH5VA==",
            "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=rothemail-net.20210112.gappssmtp.com; s=20210112;\n\th=content-transfer-encoding:mime-version:references:in-reply-to\n\t:message-id:date:subject:cc:to:from:from:to:cc:subject:date\n\t:message-id:reply-to;\n\tbh=Dw+n/49NUNVR6SvuGKucupCVs8imNjPtbMgx2nr5rec=;\n\tb=zsFRfxmbxblvus124jYRUg6gq0CZjGrNjT2FvvnM77d6ylXGnWkpwK3xUk0qBGcSnS\n\te6ub5qA/AlWnAG0Obc5pJbBSa2fYAjLkj4UooZnKdfDbaEhcSf1+njWHjXSRK1wccyBF\n\t57vkv8UOKAC2JwCNdTDR1OOUhAo/79ylcO48p9D1p5tjhJIa/35r2i/KhTniLU+iYTbv\n\ty5SIkd0W6zPmvxzzV8eVhAShmlw1aifzGA7KR9TfcENojhBkiftDdKZPXADiAw1avDLV\n\tkWAwFW6pGwJ271HsRz7umINMzk1k6mUqUFhSq3wg1mQUnW3BE9E08lo818UeTuJRlQ0f\n\tgoLw=="
        ],
        "Authentication-Results": "lancelot.ideasonboard.com; dkim=pass (2048-bit key; \n\tunprotected)\n\theader.d=rothemail-net.20210112.gappssmtp.com\n\theader.i=@rothemail-net.20210112.gappssmtp.com header.b=\"zsFRfxmb\"; \n\tdkim-atps=neutral",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20210112;\n\th=content-transfer-encoding:mime-version:references:in-reply-to\n\t:message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc\n\t:subject:date:message-id:reply-to;\n\tbh=Dw+n/49NUNVR6SvuGKucupCVs8imNjPtbMgx2nr5rec=;\n\tb=EeXE0ir84rT7H9XXK7M8UX3yMJ/22ntnXRL6yfKPwMvO0fVe2H1HKn4HzlRgnGzmKY\n\tp2OymPsmfmt2wpb6aUzImbZhyI8x7cZuy1d7RBm/m99nloU6iiqiDkFf3Q1BxqgC1sOR\n\t4DDX7HEo4zD/Q7zsIkzmxWmvw71QOBB8xcRZEnYZbKkzyZ2bRRjQ0OTCGVUYAv3HRuOT\n\tZGuYXlL6GCVFD4O4jOY7NERsEh+b+8LgdDKTExlxHhNR0Rt0zPniuS+U5ax2oFt4lZaG\n\tODUZYZK5P8E26eqK6phGpKqESit1uMbo9ezFwK2dw9DH/EPovPX5dcJ+J4eBjufgjYyS\n\t3vXg==",
        "X-Gm-Message-State": "ACrzQf08OHFRJ4/nRsx5S7/rCW/GBXhXKG7YbzO7fxOQxxzczT/4pmC3\n\tnw0KKkQ150LI4Yw+aMp3TqE1H1HWxh+Mbw==",
        "X-Google-Smtp-Source": "AMsMyM7WddGrDI7dXYLMSz0Wu2z4P8ycwRgkquee+MuEL79vz9/OmEqILpRzOivbChpkfoqjWGTOkw==",
        "X-Received": "by 2002:a05:6830:4104:b0:661:ac13:43ff with SMTP id\n\tw4-20020a056830410400b00661ac1343ffmr5276587ott.44.1667171117970; \n\tSun, 30 Oct 2022 16:05:17 -0700 (PDT)",
        "To": "libcamera-devel@lists.libcamera.org",
        "Date": "Sun, 30 Oct 2022 18:04:58 -0500",
        "Message-Id": "<20221030230500.74842-4-nicholas@rothemail.net>",
        "X-Mailer": "git-send-email 2.34.1",
        "In-Reply-To": "<20221030230500.74842-1-nicholas@rothemail.net>",
        "References": "<20221030230500.74842-1-nicholas@rothemail.net>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Subject": "[libcamera-devel] [PATCH v6 3/5] ipa: add a flag to disable\n\tisolation for Android",
        "X-BeenThere": "libcamera-devel@lists.libcamera.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "<libcamera-devel.lists.libcamera.org>",
        "List-Unsubscribe": "<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.libcamera.org/pipermail/libcamera-devel/>",
        "List-Post": "<mailto:libcamera-devel@lists.libcamera.org>",
        "List-Help": "<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>",
        "List-Subscribe": "<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>",
        "From": "Nicholas Roth via libcamera-devel <libcamera-devel@lists.libcamera.org>",
        "Reply-To": "Nicholas Roth <nicholas@rothemail.net>",
        "Cc": "Nicholas Roth <nicholas@rothemail.net>",
        "Errors-To": "libcamera-devel-bounces@lists.libcamera.org",
        "Sender": "\"libcamera-devel\" <libcamera-devel-bounces@lists.libcamera.org>"
    },
    "content": "Currently, libcamera isolates any IPAs whose signatures cannot be\nverified. Shared objects are created at build-time, and then signed. The\npublic signing key is embedded in a .cpp file, and libcamera verifies\nIPA signatures at runtime. When libcamera cannot authenticate an IPA, it\nruns it out-of-process.\n\nThis is problematic on three levels:\n* IPA signing fundamentally does not work on Android for vendor modules\n  like HALs (discussed below)\n* Executables built to run out-of-process are not ABI-compatible with\n  Android, making isolation infeasible [1]\n* Linux phone hardware tends to be low-end because of the FOSS\n  requirement, so the performance hit from out-of-process IPA isolation\n  is significant\n\nIPA signing fundamentally does not work for Android vendor modules:\nAfter we \"meson install\" built .so files to a known location, Android\nexplicitly access them in PREBUILT_SHARED_LIBRARY or BUILD_PREBUILIT\nto transform the .so files by stripping symbols among other things [2].\nBy modifying prebuilt libraries after we have already signed them, the\nbuild system renders our signatures useless on Android.\n\nAndroid distribution maintainers can use this flag to disable signature\nverification, which will allow them to use libcamera.\n\n[1] https://github.com/waydroid/waydroid/issues/519\n[2] https://cs.android.com/android/platform/superproject/+/master:build/make/core/cc_prebuilt_internal.mk?q=cc_prebuilt_internal\n\nSigned-off-by: Nicholas Roth <nicholas@rothemail.net>\n---\n meson.build                   |  4 ++++\n meson_options.txt             |  5 +++++\n src/libcamera/ipa_manager.cpp | 11 +++++++++++\n 3 files changed, 20 insertions(+)",
    "diff": "diff --git a/meson.build b/meson.build\nindex f218b8c2..917d0ae4 100644\n--- a/meson.build\n+++ b/meson.build\n@@ -76,6 +76,10 @@ if cc.has_header_symbol('stdlib.h', 'secure_getenv', prefix : '#define _GNU_SOUR\n     config_h.set('HAVE_SECURE_GETENV', 1)\n endif\n \n+if get_option('allow_unsigned_ipas_in_process')\n+    config_h.set('ALLOW_UNSIGNED_IPAS_IN_PROCESS', 1)\n+endif\n+\n common_arguments = [\n     '-Wshadow',\n     '-include', meson.current_build_dir() / 'config.h',\ndiff --git a/meson_options.txt b/meson_options.txt\nindex f1d67808..77b21b9a 100644\n--- a/meson_options.txt\n+++ b/meson_options.txt\n@@ -64,3 +64,8 @@ option('pycamera',\n         type : 'feature',\n         value : 'disabled',\n         description : 'Enable libcamera Python bindings (experimental)')\n+\n+option('allow_unsigned_ipas_in_process',\n+        type : 'boolean',\n+        value : false,\n+        description : 'Allow unsigned IPAs to run in libcamera\\'s address space')\ndiff --git a/src/libcamera/ipa_manager.cpp b/src/libcamera/ipa_manager.cpp\nindex 030ef43f..403cc42a 100644\n--- a/src/libcamera/ipa_manager.cpp\n+++ b/src/libcamera/ipa_manager.cpp\n@@ -114,6 +114,14 @@ IPAManager::IPAManager()\n \t\tLOG(IPAManager, Warning) << \"Public key not valid\";\n #endif\n \n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\tLOG(IPAManager, Warning)\n+\t\t<< \"All IPAs running in-process without signature verification.\"\n+\t\t<< \" This is recommended only for tightly-managed installs\"\n+\t\t<< \" in contexts where both signature verification and out-of-process\"\n+\t\t<< \" execution are infeasible, such as Android HALs.\";\n+#endif\n+\n \tunsigned int ipaCount = 0;\n \n \t/* User-specified paths take precedence. 
*/\n@@ -281,6 +289,9 @@ IPAModule *IPAManager::module(PipelineHandler *pipe, uint32_t minVersion,\n \n bool IPAManager::isSignatureValid([[maybe_unused]] IPAModule *ipa) const\n {\n+#if ALLOW_UNSIGNED_IPAS_IN_PROCESS\n+\treturn true;\n+#endif\n #if HAVE_IPA_PUBKEY\n \tchar *force = utils::secure_getenv(\"LIBCAMERA_IPA_FORCE_ISOLATION\");\n \tif (force && force[0] != '\\0') {\n",
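Review bot: In `IPAManager::isSignatureValid()` the added `return true;` is placed ahead of the `LIBCAMERA_IPA_FORCE_ISOLATION` check, so a build with `ALLOW_UNSIGNED_IPAS_IN_PROCESS` ignores an explicit request to isolate and reports every module as validly signed, apparently including anything found in the user-specified paths the constructor searches first. The function body continues outside the hunk, but it looks as if the bypass could sit below the force-isolation block (which would then need to live outside the `HAVE_IPA_PUBKEY` guard), or at least become `#if ALLOW_UNSIGNED_IPAS_IN_PROCESS` / `#elif HAVE_IPA_PUBKEY` so the existing body is not compiled as unreachable code after an unconditional return. A comment above the bypass would record the trade-off, for example `/* Verification disabled at build time: trust rests on who can write to the IPA module directories. */`. The option description in meson_options.txt understates the effect; something like `'Skip IPA signature verification and load all IPAs in-process'` would match what the code does.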
    "prefixes": [
        "libcamera-devel",
        "v6",
        "3/5"
    ]
}